Can it cause harm to validate email addresses with a regex?

Question

I\'ve heard that it is a bad thing to validate email addresses with a regex, and that it actually can cause harm. Why is that? I thought it never could be a bad thing to val

Answer 1

In addition to other answers, I would like to point our, that Regex engines are susceptible to ReDOS - regex denial of service attacks. The attack is based on the fact that many non-trivial regular expressions have inputs that can take an extraordinary amount of CPU cycles to produce a non-match.

Crafting such an input might cause trouble to the availability of the site even with small botnet.

For more information "Regular Expressions Denial of the Service (ReDOS) Attacks": https://dzone.com/articles/regular-expressions-denial